I want to use Vault in Docker with the Filesystem Storage Backend. So I map a volume to /mnt/vault/data, and everything works fine.
After adding some secrets, when I looked into the created files in /mappedFolder/logical/someGuid/secrets, I could see the secrets but with their plain names.
Is this just how the filesystem storage works? Is there a way to at least obscure these names?
No, you should not be able to see secrets. What is a
Can you share the output of tree and where you see a plaintext secret?
Where this is the volume mapping:
The content of the files there is encrypted. But I was surprised to see the secrets’ names when I looked into the files.
By “plain name” I mean the actual name where I save this, “secret.crt” in this case:
cat secret.crt | base64 | vault kv put -tls-skip-verify secret/certs/secret.crt value=-
Or am I using this incorrectly?
You’re right, @kalafut, KV store version 2 does the trick.
Thanks a lot, guys.